Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

API Changes - Token Expiration #1

Open
tmilewski opened this issue Oct 24, 2013 · 0 comments
Open

API Changes - Token Expiration #1

tmilewski opened this issue Oct 24, 2013 · 0 comments
Assignees
@tmilewski
Labels
feature
Milestone
v1.1

Comments

@tmilewski
Copy link
Member

On 11/8 Venmo will be deploying changes to how they grant long-lived tokens to API consumers. This does not affect tokens that have already been granted.

  • Tokens issued through the server-side authentication flow will no longer be non-expiring. These tokens expire after 60 days.
  • To refresh these long-lived tokens, clients can exchange a refresh token (the refresh_token field included in the server-side authentication response) for a new access_token, refresh_token pair. Note that exchanging a refresh token for new tokens must be done only after the associated access token has expired.
  • An expires_in field will now be included in the server-side authentication response. The value is in seconds.

Old Response:

{
"access_token": ACCESS_TOKEN, 
"user":  {...}
}

New Response:

{
"access_token": ACCESS_TOKEN,
"user": {...},
"refresh_token": REFRESH_TOKEN,
"expires_in": 5184000
}

After the token has expired, you need to POST to /oauth/access_token with REFRESH_TOKEN, CLIENT_ID, CLIENT_SECRET and receive a new access token, refresh token, and time to expiration.
@ghost ghost assigned tmilewski Oct 24, 2013
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tmilewski tmilewski

Labels
feature
Projects
None yet
Milestone
v1.1
Development

No branches or pull requests
1 participant
@tmilewski